Technical Analysis of a Novel IMEEX Framework

Oct. 14, 2024, 11:15 a.m.

Description

The IMEEX framework is a newly discovered, custom-built malware family targeting Windows systems. Delivered as a 64-bit DLL, it gives the operator extensive control over a compromised machine: execution of additional modules, file manipulation, process management, registry modification, and remote command execution. Observed activity primarily targets Djibouti and Afghanistan, where the implant gathers system information and communicates with its command-and-control server over encrypted channels. To persist and evade detection it masquerades as legitimate processes, creates a mutex (a single-instance guard that also makes a useful host-based indicator), and encrypts its C2 traffic. Its modular design, broad capability set, and potential infrastructure overlap with ShadowPad suggest an evolution in the threat actor's tooling.

Date

  • Created: Oct. 14, 2024, 10:57 a.m.
  • Published: Oct. 14, 2024, 10:57 a.m.
  • Modified: Oct. 14, 2024, 11:15 a.m.

Indicators

  • 94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66
  • 7d02ad54e4e56f34e59414f9b02397901fc61bb1158a31ab2586fe62564aeb93
  • 7a3113d3212605a33924ad16ab360b7d48cc94de0de1c1cf9dc44695d4a01648
  • 6fcd206752cd87c26909ed3751b94eb8ef14cd1567d3757cae7fa0b89d3f77c7
  • 3e25798da0232d9039e570fb34d4bdccf7f082fa38b486a097d954f5f3debab3
  • 45.141.139.146
  • yurtumawat.wwwhost.us
  • erkinhorshiden.onedumb.com
  • bbsnews.sytes.net
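The indicators above are five SHA-256 file hashes, one IPv4 address and three hostnames. The following script is an added example (not part of the original report) showing how to sweep them across DNS, proxy and EDR records; the log lines it scans are constructed for illustration, and the field names in them are assumptions, not a real product's format. Two details matter in practice: hashes are compared case-insensitively because EDR exports often emit uppercase hex, and hostnames match the listed host or any subdomain of it but never the parent zone, since zones such as sytes.net are shared dynamic-DNS providers with plenty of benign traffic.

```python
"""Sweep the IMEEX indicators from this report across log records (added example)."""
import re

# Indicators copied from the report.
IMEEX_SHA256 = {
    "94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66",
    "7d02ad54e4e56f34e59414f9b02397901fc61bb1158a31ab2586fe62564aeb93",
    "7a3113d3212605a33924ad16ab360b7d48cc94de0de1c1cf9dc44695d4a01648",
    "6fcd206752cd87c26909ed3751b94eb8ef14cd1567d3757cae7fa0b89d3f77c7",
    "3e25798da0232d9039e570fb34d4bdccf7f082fa38b486a097d954f5f3debab3",
}
IMEEX_IPS = {"45.141.139.146"}
IMEEX_HOSTS = {"yurtumawat.wwwhost.us", "erkinhorshiden.onedumb.com", "bbsnews.sytes.net"}

# Loose extractors: anything that looks like a SHA-256, an IPv4 address or a hostname.
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed sample records (hypothetical hosts, paths and field names).
SAMPLE_LOGS = [
    "2024-10-14T09:12:03Z dns client=10.0.4.21 query=bbsnews.sytes.net type=A answer=45.141.139.146",
    "2024-10-14T09:12:05Z proxy client=10.0.4.21 dst=45.141.139.146:443 sni=bbsnews.sytes.net bytes=18240",
    "2024-10-14T09:13:40Z dns client=10.0.4.22 query=update.sytes.net type=A answer=198.51.100.7",
    "2024-10-14T09:15:10Z edr host=WS-0421 event=ImageLoad image=C:\\ProgramData\\svc\\helper.dll "
    "sha256=94B8A01AD4B53D202984AFB6781D7F88CB5CD329349791516E985EA88E08AD66",
    "2024-10-14T09:16:00Z dns client=10.0.4.23 query=www.example.com type=A answer=93.184.216.34",
]


def host_matches(host, ioc_hosts):
    """True for the indicator host itself or any subdomain of it.

    The parent zone (e.g. sytes.net) is deliberately not matched: it is a shared
    dynamic-DNS provider, so matching it would flood the result with benign lookups.
    """
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in ioc_hosts)


def scan_line(line):
    """Return a list of (indicator_type, value) hits found in one log line."""
    hits = []
    for digest in SHA256_RE.findall(line):
        if digest.lower() in IMEEX_SHA256:          # case-insensitive hash match
            hits.append(("sha256", digest.lower()))
    for ip in IPV4_RE.findall(line):
        if ip in IMEEX_IPS:                          # exact address match
            hits.append(("ip", ip))
    for host in HOST_RE.findall(line):
        if host_matches(host, IMEEX_HOSTS):          # host or subdomain, never parent zone
            hits.append(("host", host.lower()))
    return hits


def scan_log(lines):
    """Return (line_number, line, hits) for every line with at least one indicator hit."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results.append((number, line, hits))
    return results


if __name__ == "__main__":
    for number, line, hits in scan_log(SAMPLE_LOGS):
        print(f"line {number}: {hits}")
        print(f"    {line}")
```

Run against real data by replacing SAMPLE_LOGS with an iterator over the exported records; the extractors are intentionally permissive so the same function works on DNS, proxy and EDR formats without per-source parsing. Of the five constructed lines, the first two hit on both the IP and the hostname, the fourth hits on the uppercase hash, and the third (a lookup of a different sytes.net host) correctly produces nothing.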

Attack Patterns

  • IMEEX (the malware family itself, listed alongside the techniques)
  • T1009 Binary Padding (legacy ID, now T1027.001 Obfuscated Files or Information: Binary Padding)
  • T1122 Component Object Model Hijacking (legacy ID, now T1546.015 Event Triggered Execution: Component Object Model Hijacking)
  • T1497 Virtualization/Sandbox Evasion
  • T1021 Remote Services
  • T1489 Service Stop
  • T1105 Ingress Tool Transfer
  • T1055 Process Injection
  • T1036 Masquerading
  • T1112 Modify Registry
  • T1059 Command and Scripting Interpreter

Additional Information

  • Djibouti
  • Afghanistan